A while back, in November 2014, I was posting an article showing that over the course of a year and a half or so (my blog was rehosted from February 2014), fail2ban blocked 1633 IPs.

Today I checked again, and to my surprise I got:

[root@ciplogic ~]# iptables -L -n | grep REJECT | wc -l5853

For the first time segment (273 days period) I averaged 5.98 IP bans a day. From that day to today I got: 5853-1633 = 4220 new bans. The time period from November 2014 to today is 573 days.

That means in the last year the banning grew to 7.36 bans a day (~20% increase). And we need to remember that this is also with the previous backlist.

So today, beside applauding fail2ban's relentless work, I changed the port of the SSH server.

To my surprise from this morning, until now, there is radio silence from the fail2ban new bans. I guess most scanners don't do a port scanning first, and they just try to find default or weirdly configured SSH servers.

A while back I wrote a small program named fast-live-reload. The point of it was to be able to do things whenever files change (be that refreshing browsers, or executing programs, such as Compass compilation).

Here is another sample on how I use it to try out python snippets really fast:

I basically split my current view in two (using byobu), and I edit in the left view with my trusty vim. Whenever I save, fast-live-reload picks it up and executes the script.